LD7087 Information Governance and Cyber Security Assignment Help
Module Title: | Information Governance and Cyber Security |
Module Number: | LD7087 |
Module Tutor Name(s): | Hamid Jahankhani [HJ], Ning Tse [NT], Omer Raza [OR], Syed Raza [SR], Umair Chaudhry [UC] |
Academic Year: | 2023-24 |
% Weighting (to overall module): | 100% |
Coursework Title: | Report |
Dates and Mechanisms for Assessment Submission and Feedback
Date of Handout to Students:
Week 3 via Blackboard
Mechanism for Handout to Students:
Via Blackboard, briefing via face 2 face session.
Date and Time of Submission by Student:
Submitted on Tuesday, 27 Aug 2024 (no later than 16:00)
Mechanism for Submission of Work by Student:
The report must be submitted Turnitin on Module Blackboard site. There will be two submissions;
Date by which Work, Feedback and Marks will be returned to Students:
Within 30 working days after the submission date.
Mechanism for return of assignment work, feedback and marks to students:
Formal feedback will be made available via Blackboard following completion of all reviews and internal moderation of results.
Learning Outcomes tested in this assessment:
This assignment will assess the following learning outcomes:
1.Critically evaluate the key information governance principles, practices and security frameworks to demonstrate your understanding in the design, development, implementation and monitoring of information security management system of an organisation.
2.Ability to critically evaluate the risk assessment methodology to determine appropriate control objectives for a given organisational scenario.
3.Demonstrate ability to work as a member of a team and make contributions to team success and effectiveness.
4.Critically appraise, social, ethical and legal responsibilities of an Information security auditor to comply with.
General Information
This assignment consists of two parts;
Part A (70%) – Individual (002) – 2500 words submitted individually.
Part B (30%) – Group work (001) – 2500 words submitted as a group.
Any queries relating to this assignment should be directed to module leader:
Assessment Brief
Housing association (HA) in the UK offer services of shared ownership homes and affordable renting to support people on lower income. For HA to support the people in need or the vulnerable people. It requires to main the database of personal information of all the customers, so that the appropriate support can be provided to everyone on merit. Considering a wide range of network of Housing Associations across the UK. These housing associations requires data sharing of customers across the different sites, which can include tenant’s demographics, services required, contact information and other personal information.
This data is also used for analytic purposes to optimise the growing housing needs for the needy people. The personal information can also be used by HA to share with their suppliers, contractors and any other third party for better homes construction as well as the debt collection agencies, in case anyone default to utility companies.
These operations means more responsibility towards regulatory, legal, and contractual obligations for the business, to safeguard the privacy of their customers data. To address the challenges posed by the changing cyber security landscape, HA management acknowledges the significance of information security to its assets, and the responsibility to ensure protection of personal data of its stakeholders and to maintain confidentiality, integrity, and availability against cyber security attacks. The HA wants to adopt robust Information Security policy to adhere with legal and regulatory compliances and understand that Information Governance can play a vital role in its day-to-day operations as it establishes policies, procedures, and accountability, which is imperative for an effective management lifecycle for its customers and other stakeholders’ personal data and can maximise data privacy and confidentiality.
The aim of Information Governance is not only to provide data confidentiality and protection assurance to HA management but to also help individual staff members to understand the importance of data handling procedures. This will assist them to adhere to information assurance, corporate information assurance, information security assurance procedures and perform their duties ethically to demonstrate duty of care as well as respecting data subject rights while processing their personal data and also to avoid any escalation privileges.
Your task is to develop an information governance policy for HA and write an accompanying report, which provides justification of policy contents, chosen framework, risk assessment methodologies and strategy to implement strong information governance for the given organisation.
Assessment Criteria/Marking Scheme:
The work will be marked out of 100 in line with the University’s marking grades and according to the following assessment criteria:
Description | Marks |
Part A: Individual Task (002) | |
Task 1: Information Governance Need & Cyber Security Threats – 40% (Suggested word limit for this section is 900 words) | |
Critically appraise understanding of latest cyber security threats to information assets and demonstrate requirements of Information Governance need in the context of given scenario. The role of Information Security auditors to comply with social, ethical and legal requirements to assess the effectiveness of Information Security Management System. Report should include appropriate language, referencing, clarity of expression style, format and length. | 40 |
Task 2: Framework – 20% (Suggested word limit for this section is 700 words) | |
Justification of the approach taken and rationale for the scope and content of the Information Security Management Systems (ISMS) based on a critical evaluation and understanding of the organisation, and reference to principles and best practice. This could include critical evaluation of Information governance frameworks and rationale of the choice considered for a given context. Presentation should include appropriate language, referencing, clarity of expression style, format and length. | 20 |
Task 3: Risk Assessment – 40% (Suggested word limit for this section is 900 words) | |
Justification of the importance of information governance to the organisation based on a critical evaluation of the organisational context. This should include risk assessment methodologies either qualitative or quantitative. Identify information assets, identify threats, vulnerabilities and risks associated with assets. Presentation should include appropriate language, referencing, clarity of expression style, format and length. | 40 |
Total | 100 |
Part B: Group Task (001) | |
Task 4: Policy - 30% (suggested word limit for this section is 2500 words) | |
The information security policies should include Introduction, purpose, scope. | 15 |
Identification and allocation of roles and responsibilities, accountable for ensuring legal, regulatory, and contractual obligations in the context of given scenario. | 20 |
Information Governance Policy Framework with recommendations of minimum 8 controls to establish Information Security Management System for given context. | 35 |
Implementation plan and monitoring mechanisms to address security threats and mitigate security vulnerabilities in the context of given scenario | 20 |
Presentation should include appropriate language, referencing, clarity of expression style, format and length. | 10 |
Total | 100 |
Grading Guidance
Distinction (70 and above):
Excellent in-depth understanding of the risk assessment process, critical appraisal of different Information Governance frameworks and contemporary cyber threats to information assets in the context of given scenario. A robust policy detailing assurance, governance and responsibilities in the context of given scenario, mentioning best practices to adhere with ethical standards. Thorough critical analysis is made to deliver successful implementation of all tasks and justification of choices are made.
Commendation (60-69):
Very good application and synthesis of successful implementation of all tasks is delivered. Report contents are relevant and original but lack excellence in explanation and would need more academic rigour. The robustness and correctness of the risk assessment is not through.
Pass (50-59):
Provide basic understanding of the deliverables. Some deliverables are incomplete. There are number of inconsistencies in each task. Inadequate evaluation and incomplete justification of the choices made. Report shows some errors and not detailed. There is limited consideration to implement design and implementation strategies.
Fail (less than 50):
Provide little or no understanding of the risk process. Incomplete attempt or lacks substantial parts of the deliverables. Fail to demonstrate understanding of the concepts required to implement deliverables. Work lacks serious clarity and detail relevant to the assignment. There are several errors in the submitted report.
Academic Integrity Statement: You must adhere to the university regulations on academic conduct. Formal inquiry proceedings will be instigated if there is any suspicion of plagiarism or any other form of misconduct in your work. Refer to the University’s Assessment Regulations for Northumbria Awards if you are unclear as to the meaning of these terms. The latest copy is available on the University website. (Accessed on 25.07.2023)
Formative Feedback
There will be an opportunity for formative feedback during the semester. You are advised to start working on this assignment as early as possible so that you can seek clarification from the module tutor regarding any questions you might have during the semester. Note that tutors will not predict your grade, and you should not take the lack of comment on any aspect of your work as indicating that it is correct. You should make every effort to take advantage of formative feedback as tutors will not comment on draft work at other times. Remember that you will get more useful feedback from us by asking specific questions than just presenting us with your documentation and asking, ‘Is this right?’
Penalties for Exceeding Word Limits:
The following penalties will be applied after any reductions in mark due to late submission have been made, Penalties will be applied as defined in the University Policy on Word Limits Policy. (Accessed 25.07.2023)
The actual word count is to be declared on the front of the assessment submission.
Under the word limit | No Penalty: In not making use of the full word count, students may have self-penalised their work. If students have been able to achieve the requirements of the assessment using fewer words than allocated, they will not be penalised. |
Up to 10% over word limit | No Penalty: Situation flagged by tutor in feedback but over-run is tolerated and no deduction is made from the final mark. |
More than 10% over the word limit | The marker will stop reading when they judge that the word count exceeds the recommended word count by more than 10% i.e. for a 3000 word essay, the marker will read only the first 3300 words and will indicate on the text where they stop reading. The content following this point will not be read and a mark will be awarded only for the content up to this point. |
Late Submission Policy:
For coursework submitted up to 1 working day (24 hours) after the published hand-in deadline without approval, 10% of the total marks available for the assessment (i.e.100%) shall be deducted from the assessment mark. Penalties will be applied as defined in the University Policy on the Late submission work. (Accessed 30.05.2024)
For clarity: a late piece of work that would have scored 65%, 55% or 45% had it been handed in on time will be awarded 55%, 45% or 35% respectively as 10% of the total available marks will have been deducted.
Failure to submit: The University requires all students to submit assessed coursework by the deadline stated in the assessment brief. Where coursework is submitted without approval after the published hand-in deadline, penalties will be applied as defined in the University Policy on the Late submission of work. (Accessed 30.05.2024)
